Comfy is a cloud-based software application that delivers exceptional workplace experiences by enabling people to personalize their workplace environment while providing real-time, actionable insights for digital workplace leaders.
Comfy integrates with existing building systems that use the BACnet/IP protocol to dynamically change their environment based on the need. Comfy ties with the building’s HVAC system to manage zone temperatures based on occupant feedback. A Comfy user can request an immediate 10-minute stream of warm or cool air through the Comfy mobile or desktop application. Comfy communicates with the BMS to moderately adjust that zone’s temperature and airflow. Over time, Comfy learns the preferences of that zone through machine learning and will automatically adjust the temperature range to better meet the needs of the employees throughout the day. Comfy shares these findings through Comfy Insights, a business intelligence dashboard that enables corporate real estate leaders to make data-driven decisions that create better workplaces and optimize their facilities.
Comfy has different elements, so the best way to describe how Comfy is secure is to describe how each element is secure. These elements include the Comfy application, the Comfy Gateway, Comfy in the Cloud, and the network that connects all of these things together.
Application Security: Comfy tests all code for security vulnerabilities and other defects before release, and regularly performs network and application scans for vulnerabilities.
The Comfy Gateway: The Comfy Gateway is a gateway box connected to the BMS network. The software on the Gateway is configured with the minimum set of software needed to perform its function, reducing exposure to hacks. The Gateway is connected via SSL to the Comfy cloud. Additionally, the Comfy app and the Comfy server are kept functionally separate in the cloud so the Gateway cannot be hacked via the app.
Comfy in the Cloud: Comfy is run on Amazon EC2, which has extensive physical and environmental controls, including redundant power supplies, biometric identification before physical access, and other measures to ensure the security and integrity of their systems. We regularly review their ISO27001 and SOC2 reports to ensure that their security measures align with our commitments to our customers.
Network Security: Customers access Comfy's products over the internet through industry-standard secure and encrypted connections (TLS 1.0-1.2) with high-grade 2048-bit, SHA-256 certificates.
Yes, that was a big deal and cost Target millions. The "hack" didn't come through the HVAC software, though, but rather through the compromised laptop of an HVAC service technician. The big lesson learned there was to keep sensitive information secured away from access by a third-party service provider, and for the HVAC technician to practice much tighter operational security with devices such as company laptops.
Yes, Google sure did. That incident shined a light on the need for corporate facilities teams to work with their own IT teams to properly secure their BMS platforms. If you rely on a controls contractor to set up a public-facing network connection for ease of remote access, you open your networks up to similar risk. At Comfy, we work with our clients every day to make sure any BMS network penetration is the most secure possible - our methods rely on years of cybersecurity research and constant testing of protocols.
These are all great questions. We have been pen tested. We are happy to walk through any questions your IT team(s) may have, any time! You can read more about our security standards in place in our security deep dive.
Impacts on your network will be minimal. Comfy merges BACnet commands to reduce impacts, and they are small to begin with. It is also possible to configure how often Comfy reads BACnet points to further reduce traffic.
Comfy can be accessed via web browser and/or mobile app (Android and iOS).
Comfy supports IE11, Edge, Chrome, and Safari, including their mobile versions, and also has Android and iOS apps.